From 33915a153afa0ef959ffb036d15d740ac744825e Mon Sep 17 00:00:00 2001 From: Olle Johansson Date: Fri, 16 Feb 2007 11:47:48 +0000 Subject: [PATCH] Issue #9068 - make sure we quote HTML characters correctly too (seanbright) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@54774 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/res_agi.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/res/res_agi.c b/res/res_agi.c index e17147d075..c27b67f14f 100644 --- a/res/res_agi.c +++ b/res/res_agi.c @@ -1941,6 +1941,37 @@ static int handle_showagi(int fd, int argc, char *argv[]) return RESULT_SUCCESS; } +/*! \brief Convert string to use HTML escaped characters + \note Maybe this should be a generic function? +*/ +static void write_html_escaped(FILE *htmlfile, char *str) +{ + char *cur = str; + + while(*cur) { + switch (*cur) { + case '<': + fprintf(htmlfile, "%s", "<"); + break; + case '>': + fprintf(htmlfile, "%s", ">"); + break; + case '&': + fprintf(htmlfile, "%s", "&"); + break; + case '"': + fprintf(htmlfile, "%s", """); + break; + default: + fprintf(htmlfile, "%c", *cur); + break; + } + cur++; + } + + return; +} + static int handle_agidumphtml(int fd, int argc, char *argv[]) { struct agi_command *e; @@ -1979,11 +2010,16 @@ static int handle_agidumphtml(int fd, int argc, char *argv[]) stringp=e->usage; tempstr = strsep(&stringp, "\n"); - fprintf(htmlfile, "%s\n", tempstr); + fprintf(htmlfile, ""); + write_html_escaped(htmlfile, tempstr); + fprintf(htmlfile, "\n"); + fprintf(htmlfile, "\n"); - while ((tempstr = strsep(&stringp, "\n")) != NULL) - fprintf(htmlfile, "%s
\n",tempstr); + while ((tempstr = strsep(&stringp, "\n")) != NULL) { + write_html_escaped(htmlfile, tempstr); + fprintf(htmlfile, "
\n"); + } fprintf(htmlfile, "\n"); fprintf(htmlfile, "\n\n");